Phishing is a cyber attack that fraudsters attempt to use to phish for confidential information, such as credit card details.

Victims often receive a fake email instructing them to click on harmful links, download malware or reveal personal details.

Binance users can set up anti-phishing codes to help them cross-check the authenticity of Binance emails.

Before the advent of Web3, phishing attacks mainly targeted bank accounts and credit cards. Now, your crypto wallet may have been targeted for phishing.

Anti-phishing codes and how to protect yourself

No matter how safe you think your money is, or whether it’s in a vault, blockchain, or your hardware wallet, the human brain is always susceptible to manipulation. Fraudsters, for example, may easily exploit human trust, but most likely they don’t know how to break state-of-the-art security systems.

Unlike programs, humans have emotions such as fear, greed, and curiosity; therefore, phishing is and will always be the preferred method of fraudsters.

According to Deloitte’s 2021 Financial Cyber ​​Survey, phishing/malware (also known as social engineering) is considered the biggest cyber threat to businesses in the financial services industry.

This guide will cover everything you need to know about phishing attacks, real-world examples of phishing, and how to protect your account with Binance’s Anti-Phishing Code.

Visit Binance Academy

What is phishing?

Phishing is a popular cyber attack in which fraudsters phish for personal information (for example, credit card details) by impersonating a reputable business or entity. Additionally, phishing is a social engineering attack, which is an umbrella term for all malicious activities that rely on human interaction. In short, social engineering is a hacking of people, not a program.

The most common form of phishing is via email. For example, you may receive an email from someone you “trust” enticing you to click a link, download harmful malware, or reveal your personal information.

According to Verizon’s 2022 Data Breach Investigations Report, 96 percent of phishing attacks occur via email.

Go to Binance Official Website

Common suspects: Phishing emails

Phishing emails use a combination of techniques to forge the sender’s address. Such emails include: obvious scams and ingenious imitations, and even seasoned cryptocurrency users have fallen victim. Phishing attacks work, so they still exist. Next, you can browse our teardown of five real-world examples of phishing emails.

Example 1

Attackers created this email to steal customers’ emails, passwords, and 2FA backup keys. The email was sent from using a Binance-like domain name. But don’t be fooled by binance.com, as fraudsters use every trick in the book to disguise their email addresses.

Example 2

The email tried to convince users to download a seemingly innocuous PDF file that turned out to be harmful malware. Unlike the previous example, the format and language used are significantly less professional.

Example 3

This phishing email instructs users to check if they have received 0.129 BTC by clicking on the Binance link. We advise users not to click on a link if it looks strange, unfamiliar or suspicious. You can also double-check any Binance domain on Binance Verify . That being said, if you are in doubt about an email and its contents, you can always contact Binance Support.

Example 4

This example instructs users to join a contest called “ETH Giveaway” by clicking the “Participate” green prominent button displayed at the bottom. Just like our first example, you will notice that the sender is using a fake Binance email address.

Example 5

The sender of the email, posing as Binance’s “listing director,” asked users to leave a message on their Telegram. Once the target is contacted on Telegram, the attackers ask for a certain amount of cryptocurrency to be sent to their wallet address. Although the email domain shows as Binance.com, Binance did not send this email. In fact, Binance staff will never ask users for confidential information.

Don’t be fooled, set your anti-phishing code

Once set up, an anti-phishing code is a unique set of letters and numbers that will appear in every legitimate email you receive from Binance. If the email shows an incorrect code or no code, please contact Binance Support immediately . This email may be an attempt to steal your personal information. On the other hand, if the anti-phishing code is displayed in the real Binance email, then you will be able to identify the fraudulent email.

Anti-phishing codes are highly sensitive personal information; under no circumstances should you share them with anyone, including Binance employees.

Here’s what a Binance email looks like with and without an anti-phishing code.

Don't be fooled, set your anti-phishing code

How to Set Up Your Anti-Phishing Code

Setting up an anti-phishing code is easy and only takes a few minutes. Follow the steps below to get started:

First, log into your Binance account on a computer.  Access the main panel of your account. You'll find the Anti-Phishing Code setting under the Security tab.   Please click [Enable] to start using it.  Create your own anti-phishing code using a set of letters and numbers

  1. First, log into your Binance account on a computer.
  2. Access the main panel of your account. You’ll find the Anti-Phishing Code setting under the Security tab.
  3. Please click [Enable] to start using it.
  4. Create your own anti-phishing code using a set of letters and numbers.

how to enable anti phishing code

The code must be at least 8 characters and contain both uppercase letters and numbers. We recommend that users create code that is easy to remember and hard to guess by attackers.

  • Enter your Google or SMS authentication password, depending on which two-factor authentication (2FA) you have enabled.
  • The setup of the anti-phishing code is now complete. From now on, all emails sent by Binance will contain your unique code.

Visit Binance Academy

How to Update Your Anti-Phishing Code

As with passwords, it’s a good idea to update anti-phishing codes regularly, at least once a month. At times, an attacker may already have your anti-phishing code and may be waiting for an opportunity to attack. Frequent code changes prevent potential leaks or the possibility of a successful phishing attack. If you suspect an anti-phishing code has been compromised, make sure to update it as soon as possible.

To update your code, visit the Anti-Phishing Codes section on the main dashboard of your account. Then, click on Change Code and follow the same process as when you created your Anti-Phishing Code earlier. Remember to create a new code that doesn’t look like the old version.

Open Binance’s Account